Value transfer system

ABSTRACT

A plurality of electronic purses communicate with each other to transfer values in transactions off-line from a main computer. A transfer message protocol of a transaction between electronic purses includes a commitment message to constitute a proof of posting. This allows interruption of a transaction before the value message itself is set. Escrow type payments and batch processing are facilitated.

FIELD OF THE INVENTION

The invention relates to a value transfer system. Electronic valuetransfer systems have been proposed for transferring value betweenelectronic "purses". These purses may take many forms but a convenientform is an integrated circuit (IC) card which includes a micro-processorand memories for at least accumulated value. Such cards may be used inso-called cashless transactions where value is transferred to a retailer"purse" in exchange for goods or services.

DESCRIPTION OF THE RELATED ART

Thus, a major application of such a system is to provide for thetransfer of value equivalent to cash. Cash has both advantages andlimitations . An advantage of cash is that small value individualtransactions can be made without specific reconciliation between thepayer and the payee accounts. Not only does this relieve the system of aconsiderable data transfer burden, but also anonymity is conferred intransactions. This is felt to be a social advantage. Many prior proposedelectronic cashless value transfer systems have failed to recognizethese advantages of cash and have failed to implement them. The systemon which the present invention is based is described in published patentspecification No. WO91/16691 and provides a framework for the transferof value between electronic purses in such a way as to allow theaforesaid advantages of cash to be retained. The system may besummarized in that there is provided a computer; a plurality ofelectronic purses; exchange devices whereby purses may communicate witheach other to transfer value in transactions which are off-line from thecomputer; draw-down means for loading purses with value under control ofthe computer; redemption means for redeeming value from purses undercontrol of the computer; a value meter; one or more of said purses beingbulk purses which are capable of having value loaded and redeemed viathe value meter, the value meter recording one or more float valuerecords whereby the net value released to the bulk purse or purses maybe derived, the net value being the difference between the total ofvalues drawn down to the bulk purse or purses and the total of valuesredeemed from the bulk purse or purses, the float value record beingnon-specific with regard to individual draw-downs and redemptions.

The value meter may have an interface whereby the float value record maybe adjusted on command so as to create or destroy value within the bulkpurse or purses.

Preferably there is provided, in each purse, storage means which storesa purse value record which is accumulative and, in each purse orassociated exchange device, a microprocessor, transactions beingconducted between purse pairs, one of which, the sending purse, sendsvalue and the other of which, the receiving purse, receives value, themicroprocessors being programmed so that in each off-line transactionthe purse value record in the sending purse is decreased by a chosen andvariable transaction value and the purse value record in the receivingpurse is increased by the same transaction value.

By providing a float value record which is non-specific anonymity isensured and reconciliation with customer accounts for all subsequentpurse to purse transactions is unnecessary.

In some situations it is necessary to ensure that payment of funds orother value is contingent upon some subsequent event. For example, itmay be desirable to transfer value on the basis only that such value isused for a specific purpose. Foreign exchange control may be the reasonfor this. For example, a government may wish to fund an importer on thebasis that the funds can be applied only to designated goods.

Also, it may be desirable to use the value transfer system in a batchprocessing mode. The present invention seeks to provide an improvementwhereby contingency and batch payments are possible.

SUMMARY OF THE INVENTION

According to the invention there is provided a value transfer systemhaving a computer; a plurality of electronic purses; exchange deviceswhereby purses may communicate with each other to transfer value intransactions which are off-line from the computer; and, in each purse orassociated exchange device, a microprocessor, transactions beingconducted between purse pairs, one of which, the sending purse, sendsvalue and the other of which, the receiving purse, receives value, themicroprocessors being programmed so that each transaction includes atleast the following steps:

A. The receiving purse sends a "request to receive value" message;

B. The sending purse creates a value message;

C. The sending purse creates and stores, a commitment message whichsignifies commitment of the requested value to the receiving purse;

D. The sending purse sends, between steps C and B, the commitmentmessage; and

E. The sending purse sends the value message.

Preferably each purse has a store which is a log of transactions, thecommitment message being stored in the log of the sending purse oncreation and being stored in the log of the receiving purse onreception.

Before creating the commitment message the sending purse will havecreated the value message and subtracted the value required from itsaccumulator this sequence of events means that even if the transactionis terminated after creation of the commitment message it is ensuredthat the funds required are available in due course to the receivingpurse and to that purse only. The same funds are no longer available tothe sending purse. However, in order to complete the transaction theescrow amount must be transferred to the receiving purse. If necessary,this may be done by transfer in a series of transactions through one ormore intermediaries who may be regarded as holding the funds subject tothe contingency conditions being met.

Preferably the purses have means whereby a transaction between a pair ofpurses is given a unique identifier and the microprocessors areprogrammed to respond to the identifiers to prevent a given transactionfrom being repeated. No reference is then required to the computer todetermine whether the same "electronic cash" is being used twice. Inclaiming to redeem value the computer is accessed and it will bepossible to determine whether the same claim is being made twice, eitherdirectly or, since a claim may be simply another transaction, by meansof a transaction identifier. The transaction identifier is preferablysent from the transmitting purse to the receiving purse, beingconveniently derived from data identifying the receiving purse and areceiving purse transaction sequence number or electronic date/timestamp obtained from the receiving purse in a preliminary "hand-shaking"operation. In this way the receiving purse can monitor the transactionand any attempt to transmit the same value record twice will be foiled.

Security of the system demands that cryptographic techniques be employedto prevent fraud. The most effective cryptographic techniques areasymmetrical in that they require different keys to encrypt and decryptinformation. The terms "encrypt" and "decrypt" will be used herein tomean "encypher" and "decypher". One well-known and suitablecryptographic technique is that attributed to Rivest, Shamir andAdleman, known as the RSA system. It is envisaged that both purses of acommunicating pair may employ the RSA system equally in a balanced wayfor algorithmic processing. However, whereas RSA encryption isstraight-forward, relatively powerful computing facilities are requiredto execute RSA decryption conventionally in a short time. In order toovercome this difficulty, in the interests of economy and speed, it isproposed in accordance with a feature of the invention that anunbalanced system be used in which the processing capability required byconsumer purses is significantly less than that required by retailerpurses.

Each user of an asymmetrical key cryptographic system has a key pair,namely a public key and a secret key. Messages to another are encryptedusing the other's (remote) public key which is made available, perhapsby as key exchange procedure. Received messages are decrypted using thelocal secret key. Use of a public key is far less demanding of computingpower than use of a secret key so that conventionally encryptionrequires less computing overhead than decryption. Therefore, inimplementing an unbalanced system of the kind described it is expedientto remove the requirement that the consumer purse performs conventionalRSA decryption.

A first way of reducing the cryptographic burden in the consumer purseis to provide it with a simpler, symmetrical, cryptographic system. Sucha system uses the same key for encryption and decryption. An example isthe DES cryptographic system (Data Encryption Standard--U.S. FIPS46,1976. Retailer purses retain the full power of the RSA system.

A second method is to use the consumer purse's own public key/secret keysystem for the interchange of data. In an exchange of keys the consumerpurse sends its secret key to the retailer purse. In the transmission ofdata to the retailer purse the consumer purse would encrypt using itsown public key and the retailer purse would decrypt using the consumerpurse's secret key.

Security can be enhanced by using electronically certified data, forexample digitally signed data, in the transaction process. Each purse onissue will be allocated a characteristic number and will have thatnumber signed by the secret key of an asymmetrical global cryptographicsystem. The result will be a global signing of the number and this isstored in the purse. All purses will carry the public key of the globalpair so that on receipt of another's globally signed number it will bepossible to verify that it is valid. The numbers can be regarded asglobally certified. Since transactions will require the exchange ofencryption keys it is convenient, although not necessary, to arrangethat the globally certified numbers are encryption keys to be exchanged.

BRIEF DESCRIPTION OF THE DRAWINGS

The invention will further be described with reference to theaccompanying drawings, of which:

FIG. 1 is a schematic drawing of a banking computer system in accordancewith the invention;

FIG. 2 is a diagram illustrating the value meter;

FIG. 3 is a diagram illustrating an example of a value transactionprocedure using a full RSA cryptographic system;

FIG. 4 is a diagram illustrating an example of a value transactionprocedure using a secret key transmission technique; and

FIG. 5 is a diagram illustrating an example of a value transactionprocedure using a mixed RSA/DES cryptographic system.

DESCRIPTION OF THE PREFERRED EMBODIMENTS

Referring to FIG. 1 there are shown three clearing banks 1, 2 and 3 withrespective computers 1a, 2a and 3a. The computers have files containingaccount details of the banks' consumer and retailer customers. Eachcomputer also has a value meter 1b, 2b, 3b which shows a float valuerecord. The actual funds represented by the non-specific float valuerecords may reside in one or more of banks 1, 2 or 3, or elsewhere.

Each bank has a bulk purse 1c, 2c, 3c which is connected to therespective value meter and which has a memory with a purse value record.Terminals 5 are connected by telephone selectively to computers 1, 2 and3. Typically terminals 5 may be home computer terminals or terminalsavailable in public places. Consumers have electronic purses in the formof IC cards 6. These cards have microprocessors and memories. In thememory of each card is stored a purse value record 7. The cards havecontacts 8, whereby the cards can interact with terminals 5 via cardreaders 9. By making appropriate requests at the keyboard of theterminal, a consumer may be connected to the computer of his bank, 1, 2or 3 and may request a value record to be loaded to his purse. If thebank authorizes the request, the bulk purse is instructed to institute adraw-down of value to load purse value record 7 with the valuerequested. The card is now ready for use.

Further electronic purses are contained in terminals 10, 11 which areequipped with IC card readers 9, located at different points-of-sale. Touse his card the consumer presents it to the retailer where it isinserted into reader 9. The required value of the transaction is keyedin and by agreement the total held in the purse value record of thepurse 6 is reduced by the amount of the transaction. The purse valuerecord of the purse held within the terminal 10 or 11 is increased bythe same transaction value. The consumer takes his goods and is free touse the card up to the total held in the purse value record of his pursein other retailers' equipment.

Periodically a retailer may redeem value represented by the purse valuerecord held in the purse of his terminal 10 or 11, irrespective of theconsumers' identities and without presenting any details of theindividual transactions that have given rise to the total accumulatedvalue. This may be done by connecting the terminal 10 or 11 to theretailer's bank 1, 2 or 3 as appropriate and requesting a redemption ofvalue. The bank's computer then instructs a redemption transaction whichaccepts value from the terminal purse. The bank computer credits theretailer's account with funds. The value meters form the basis forallowing control of the total amount of value in circulation in all thepurses and for apportioning, on an agreed basis, funds representing thetotal value.

The bulk purses 1c, 2c, 3c differ from the other purses in being capableof having value loaded and redeemed via the value meter, as well as bypurse to purse transactions. In all other respects the purses aretechnically similar, it being understood in particular that the samecryptographic techniques for bulk purse to other purse transactions(on-line) used are the same as for off-line transactions. FIG. 2 showsthe value meter as including an indicator 12 which shows a float valuerecord. This is, in this case, the net value released to the bulk purse1c, being the difference between the total of values drawn down via themeter and the total of values redeemed via the meter. It will beappreciated that the individual gross draw-down and redeemed values maybe indicated as well as or instead of the net value, it being readilypossible to derive the net value from the gross values, even if notdirectly indicated. The link 13 between the value meter and that of eachof its bulk purses is secure. The purse may be physically adjacent tothe value meter and security ensured by physical locks etc.Alternatively, the bulk purse may be remote from the value meter andsecurity is achieved by cryptographic techniques. It is important toensure that the value meter always accurately represents the valuereleased to the bulk purse and no fraudulent alteration can take place.Each value meter has an interface 14 which may be a link to the bankcomputing facility or a keyboard unit. Authorized personnel may entervalues to be added to or subtracted from the float value record,representing a creation or destruction of value to be circulated. Thus,value to be circulated may be adjusted in bulk, perhaps daily, insteadof on demand in response to individual draw-downs and claims.

Using the float value record in this way allows off-line interchange ofvalue, given suitable terminals, between consumers and retailers,retailers and consumers and consumers and consumers, without the need tomaintain large numbers of accounts or detailed account to accountreconciliations.

Consumers themselves may adjust the purse value records in their pursesby person to person interchange or by refunds etc. from retailers. It isenvisaged that purse value records may be transferred to individualaccounts by a claiming procedure from the float value record in asimilar manner as retailers' claims.

Purses may be used on an international basis by loading differentcurrencies in them. It is envisaged that each country or group ofcountries will hold a float value record in the appropriate currency.Application by a consumer to load his purse with a foreign currency mayresult in his domestic account being debited by the appropriate amountin his own currency and, the respective foreign currency float valuerecord being increased.

A purse value record held in a purse may be converted to a differentcurrency on request, the conversion being effected at the appropriaterate and resulting in a transfer of value from the float value record ofone currency to that of another currency and a corresponding conversionof funds between the currencies.

FIG. 3 shows the procedure during an off-line transaction in a firstembodiment of the invention. Both purses have full RSA asymmetricalcryptographic capability. The sending purse has a store SS which holdsan accumulative value record Svr and the following RSA keys: senderpublic and secret keys Pks and Sks and global public key Pkg. Inaddition there is a certified data message [Pks]*Skg. This is the senderpurse's unique public key signed by the master computer with its globalsecret key Skg. The public key Pks is thus electronically certified asvalid by the system, The receiver purse has a store RS which holds anaccumulative value record Rvr and the receiver purse's own RSA publicand secret keys Pkr,Skr, the global public key Pkg and a certifiedpublic key data message [Pkr]*Skg.

The first step of the transaction procedure is for the receiving purseto issue a transaction identifier number R. This is derived from acombination of the receiving purse identity and a transaction sequencenumber for that purse. Two-way communication between the purses isestablished, perhaps locally by direct connection or by infra-red linkor the like or remotely by modem and telephone. The following steps arefollowed:

1. The receiving purse transmits a request message which is[Pkr]*Skg+[R]*Skr.

2. The sending purse is able to check [Pkr]*Skg by use of the publicglobal key Pkg. This gives the sending purse the authentic key Pkr toverify [R]*Skr and hence recover R.

3. The sending purse constructs a transaction value message VR fromvalue V it wishes to transfer and from the request message R. This issigned with the sender's secret key to give the following transactionvalue message which is stored in the sending purse:

    [Pks]*Skg+[VR]*Sks

4. The sending purse creates a commitment message of the form[Pks]*Skg+[PR]*Sks where P is a combination of a value V to betransferred and a signifier that the message is a commitment message.

5. The value V which is required to be transferred is decremented fromthe purse value record Svr.

6. Details of the commitment message are logged in the sending purse logSTL.

7. The commitment message is sent to the receiving purse.

8. The receiving purse obtains the public key Pks by use of the publickey Pkg thereby verifying the message [Pks]*Skg.

9. Use of the public key Pks thus found verifies [PR]*Sks and hencerecovers PR.

10. R is checked to ensure that it carries the identity of the receivingpurse and the appropriate transaction number. If not, the transaction isaborted.

11. The receiving purse logs the commitment message in its log RTL.

12. The sending purse transmits the transaction value message. This maybe after an interruption in the transaction of any required duration.

13. The receiving purse obtains the public key Pks by use of the publickey Pkg thereby verifying the message [Pks]*Skg.

14. Use of the public key Pks thus found verifies [VR]*Sks and hencerecovers VR.

15. R is checked to ensure that it carries the identity of the receivingpurse and the appropriate transaction number. If not, the transaction isaborted.

16. If all is well, the value V is added to the purse value record ofthe receiving purse.

17. A signed acknowledgement is sent to the sending purse.

RSA encryption and decryption require calculation of the expressionx^(y) mod n where y is different for encryption and decryption. Inparticular the index y for encryption (embodied in the public key) issmall and the corresponding index for decryption (embodied in the secretkey) is very much larger. As a consequence, while modest computing powercan handle encryption in an acceptably short time the same is not truefor decryption. The creation of a certified (e.g. digitally signed)message has an equivalent processing overhead to decryption, thechecking of such a message has an equivalent processing overhead toencryption. The embodiments illustrated in FIGS. 4 and 5 providearrangements which allow one of the pair of communicating purses to beof lower computing power, and therefore less expensive, than the other.In these arrangements some purses of the system (retailer purses) havefull RSA capability (encryption and decryption capability) whereas theremainder (consumer purses) include a symmetrical key cryptographicsystem for transmitting transaction value record messages. A suitablesymmetrical key cryptographic system is the DES system. This requiresfor encryption and decryption a level of computing power similar to thepower required for RSA encryption.

Referring to FIG. 4 there is illustrated the transaction procedurebetween two purses where the sending purse is a consumer purse and thereceiving purse is a retailer purse. The retailer purse has full RSAcapability whereas the consumer purse has a lower power computingfacility. The sending purse has a store CS which holds an accumulativevalue record Cvr and the RSA global public key Pkg. In addition there isa DES key DESc and a certified data message [DESc]*Skg which is thesending purse's unique DES key signed by the master computer with itsglobal secret key Skg. The receiving purse has a store SR which isidentical with the store SR of the FIG. 3 embodiment, holdingPkr,Skr,Pkg and [Pkr]*Skg.

The first step in the transaction procedure is for the receiving purseto issue a transaction identifier R as in the embodiment of FIG. 3. Thenthe following steps are taken:

1. The receiving purse transmits its certified public key message[Pkr]*Skg.

2. The sending purse checks the signed message and derives Pkr.

3. The sending purse encrypts its certified message using Pkr. Since theindex y of a public key such as Pkr is small, encryption with it iscomputationally easy. The message sent to the receiving purse is

    E.sub.Pkr [[DESc]*Skg]

4. The receiving purse decrypts the message firstly with its secret keySkr to derive [DESc]*Skg which itself is checked with Pkg to giveverification and derive DESc.

5. The receiving purse transmits the message [R]*DESc which is thetransaction identifier R processed with a DES integrity algorithm.

6. The receiving purse decrypts the message in DES, derives thetransaction identifier R and constructs the value message VR And thecommitment message PR in the same way as in the FIG. 3 embodiment.

7. The sending purse decrements the value V from its purse value recordand sends the message [PR]*DESc to the receiving purse. The commitmentmessage is logged in STL.

8. The receiving purse decrypts [PR]*DES and checks that R is correct.If not the transaction is aborted.

9. If all is well the commitment message is stored in log RTL.

10. The sending purse constructs the value message VR and sends thevalue message [VR]*DESc to the receiving purse.

11. The receiving purse processes [VR]*DESc with a DES integrityalgorithm and checks that R is correct. If not the transaction isaborted.

12. The value V is added to the receiving purse's purse value record andan acknowledgement message is sent to the sending purse.

Referring now to FIG. 5 there is shown a transaction procedure whichallows the purses to have unbalanced computing power while using thekeys of an asymmetrical cryptographic system. In FIG. 5 the store RS ofthe receiving purse has the same keys as in the FIG. 3 embodiment. Thecomputing power of the sending purse is less than that of the receivingpurse and instead of the signed public key, the sending purse holds anunsigned public key (which in this case is kept secret) and a signedsecret key [Sks]*Skg (which also incorporates Pks). A transactionprocedure has the following steps:

1. The receiving purse transmits the signed message [Pkr]*Skg.

2. The sending purse checks the signed message with Pkg, verifying[Pkr]*Skg and hence recovering Pkr.

3. The sending purse encrypts its signed message with Pkr and sendsE_(Pkr) [[Sks]*Skg].

4. The receiving purse decrypts the message firstly with the use of itssecret key Skr to give [Sks]*Skg and then uses the global public key Pkgto verify [Sks]*Skg, thereby recovering Sks.

5. The receiving purse signs the transaction identifier R with Sks andsends [R]*Sks.

6. The sending purse derives R by the use of Pks.

7. The sending purse constructs value message E_(Pks) [VR] and acommitment message E_(Pks) [PR]. The commitment message is logged in STLand is sent to the receiving purse.

8. The receiving purse decrypts the message with the use of Sks toderive P and R. R is checked and if it is incorrect the transaction isaborted.

9. The commitment message is logged in RTL.

10. The sending purse sends the value message E_(Pks) [VR].

11. The receiving purse decrypts the message with the use of Sks toderive V and R. R is checked and if it is incorrect the transaction isaborted.

12. If all is well the purse value record of the receiving purse isincremented by V, the key Sks in the receiving purse is discarded and anacknowledgement message is sent to the sending purse.

The commitment message can be regarded as a "proof of posting" messagein the sense that it is proof that the value has been posted, inaccountancy terms, from the account of the sending purse. Thus, "proofof posting" is proof that the value accumulator in the sending purse hasbeen decremented by the required value. Effectively, the commitmentmessage tells the receiving purse that the required value has beenirrevocably committed to it. The commitment, or "proof of posting"message takes the form of the value message except that a proof number Ptakes the place of value V. However, P contains the value information ofV. Thus, the commitment message has the form [Pks]*Skg+[PR]*Sks. At thesame time, details are logged in the sending purse log STL. On receiptof the commitment message the receiving purse enters the details in thelog RTL.

By virtue of the logs it is possible to recover financially intact fromany transaction which has been interrupted either accidentally ordeliberately. In the event of a dispute about the allocation of fundsbetween purses for whatever reason, the purses can be examined and thedispute resolved on the basis of the log information. The transactionmay be broken at any time after the value and commitment messages havebeen created and logged.

When the value and commitment messages have been logged, it is possibleto interrupt the transaction. This is illustrated, for example, by thebroken line marked "Interrupt". Interruption at this stage is useful forcontingency payments since the receiving purse will have receivedconfirmation that the required funds are committed to it but will nothave received the funds at that time. On satisfaction of the contingencyrequirements the transaction can be resumed by the sending pursetransmitting the value message in the manner described before. Theactual transmission and receipt of the value message are logged by therespective purses and the transaction is completed. It is not necessarythat the value message should be transmitted directly from sending purseto receiving purse and various intermediate transactions can beenvisaged whereby the value, which can be regarded as being held inescrow, is transferred to intermediate purses. These purses will nothave access to the funds represented by the escrow message which will bedestined for and usable by the receiving purse only.

An advantage of interrupted processing of a transaction is that itallows transactions to be batch processed in their suspended state.This, in turn, renders the system applicable to batch processingprocedures.

The invention is not restricted to the details of the embodimentsdescribed above with reference to the drawings. For example, the methodof sending and receiving cryptographic keys described may be replaced bya preliminary "exchange of keys" protocol step.

We claim:
 1. A value transfer system comprising:a computer; a pluralityof electronic purses; exchange devices associated with the electronicpurses through which the purses communicate with each other to transfervalue in transactions which are off-line from the computer; and,microprocessors respectively contained in the electronic purses orassociated exchange devices, said microprocessors being programmed toeffect transactions between a pair of purses including a sending pursewhich sends value and a receiving purse which receives value, whereineach transaction includes at least the microprocessor implementedprocesses of (a) the receiving purse or an exchange device associatedwith the receiving purse sending a requested value message denoting arequest to receive value, (b) the sending purse or the exchange deviceassociated with the sending purse creating a value message responsive tothe requested value message sent by the receiving purse or the exchangedevice associated with the receiving purse, (c) the sending purse or theexchange device associated with the sending purse creating and storing acommitment message which signifies commitment of the value requested bythe request value message sent by the receiving purse or the exchangedevice associated with the receiving purse, (d) the sending purse or theexchange device associated with the sending purse sending the commitmentmessage to the receiving purse or the exchange device associated withthe receiving purse, (e) the sending purse or the exchange deviceassociated with the sending purse sending the value message to thereceiving purse or the exchange device associated with the receivingpurse, and (f) the receiving purse or the exchange device associatedwith the receiving purse receiving and processing the value message. 2.A value transfer system as claimed in claim 1, wherein each purse has astore which is a log of transactions, the commitment message beingstored in the log of the sending purse upon creation and being stored inthe log of the receiving purse upon reception.
 3. A value transfersystem as claimed in claim 2, wherein the microprocessors are programmedto provide each transaction a unique identifier R specific to thereceiving purse, wherein the requested value message includes thetransaction identifier R, wherein the value message includes informationVR including a value V to be transferred and the transaction identifierR, and wherein the commitment message includes information PR where Pincludes the value V and a signifier which signifies the message as acommitment message.
 4. A value transfer system as claimed in claim 3,wherein the microprocessors are programmed to employ an asymmetricalcryptographic system having different public and secret keys and eachpurse has stored therein at least a public key of the system.
 5. A valuetransfer system as claimed in claim 4, wherein each purse stores datasigned in the cryptographic system by the computer with a global secretencryption key, the signed data thereby being electronically certified,and the microprocessors are programmed to effect each transaction bychecking certified purse data using the global public key.
 6. A valuetransfer system as claimed in claim 5, wherein a transaction a firstmicroprocessor of one of the receiving purse and the sending purse hassuperior computing power compared to that microprocessor of the other ofthe receiving purse and the sending purse, wherein the purse of thesecond microprocessor includes an encryption key for a symmetricalcryptographic system and the first and second microprocessors areprogrammed to effect the transaction by sending to the purse of thefirst microprocessor the encryption key of the purse of the secondmicroprocessor and encrypting data at the purse of the secondmicroprocessor using the encryption key.
 7. A value transfer system asclaimed in claim 4, wherein each purse has stored therein a unique keypair including a public key and a secret key in the cryptographic systemand the microprocessors are programmed to effect transmission oftransaction data as encrypted and decrypted data using the key pairs. 8.A value transfer system as claimed in claim 7, in which in a transactiona first microprocessor of one of the receiving purse and the sendingpurse has superior computing power compared to that of a secondmicroprocessor of the other of the receiving purse and the sendingpurse, and the first and second microprocessors are programmed to effectthe transaction by sending to the purse of the first microprocessor thesecret key of the key pair of the purse of the second microprocessor andencrypting data at the purse of the second microprocessor using thepublic key of the key pair of the purse of the second microprocessor. 9.A value transfer system as claimed in claim 2, wherein themicroprocessors are programmed to employ an asymmetrical cryptographicsystem having different public and secret keys and each purse has storedtherein at least a public key of the system.
 10. A value transfer systemas claimed in claim 9, wherein each purse stores data signed in thecryptographic system by the computer with a global secret encryptionkey, the signed data thereby being electronically certified, and themicroprocessors are programmed to effect each transaction by of checkingcertified purse data using the global public key.
 11. A value transfersystem as claimed in claim 10, wherein a transaction a firstmicroprocessor of one of the receiving purse and the sending purse hassuperior computing power compared to that microprocessor of the other ofthe receiving purse and the sending purse, wherein the purse of thesecond microprocessor includes an encryption key for a symmetricalcryptographic system and the first and second microprocessors areprogrammed to effect the transaction by sending to the purse of thefirst microprocessor the encryption key of the purse of the secondmicroprocessor and encrypting data at the purse of the secondmicroprocessor using the encryption key.
 12. A value transfer system asclaimed in claim 9, wherein each purse has stored therein a unique keypair including a public key and a secret key in the cryptographic systemand the microprocessors are programmed to effect transmission oftransaction data as encrypted and decrypted data using the key pairs.13. A value transfer system as claimed in claim 12, in which in atransaction a first microprocessor of one of the receiving purse and thesending purse has superior computing power compared to that of a secondmicroprocessor of the other of the receiving purse and the sendingpurse, and the first and second microprocessors are programmed to effectthe transaction by sending to the purse of the first microprocessor thesecret key of the key pair of the purse of the second microprocessor andencrypting data at the purse of the second microprocessor using thepublic key of the key pair of the purse of the second microprocessor.14. A value transfer system as claimed in claim 1, wherein themicroprocessors are programmed to provide each transaction a uniqueidentifier R specific to the receiving purse, wherein the requestedvalue message includes the transaction identifier R, wherein the valuemessage includes information VR including a value V to be transferredand the transaction identifier R, and wherein the commitment messageincludes information PR where P includes the value V and a signifierwhich signifies the message as a commitment message.
 15. A valuetransfer system as claimed in claim 14, wherein the microprocessors areprogrammed to employ an asymmetrical cryptographic system havingdifferent public and secret keys and each purse has stored therein atleast a public key of the system.
 16. A value transfer system as claimedin claim 15, wherein each purse stores data signed in the cryptographicsystem by the computer with a global secret encryption key, the signeddata thereby being electronically certified, and the microprocessors areprogrammed to effect each transaction by checking certified purse datausing the global public key.
 17. A value transfer system as claimed inclaim 16, wherein a transaction a first microprocessor of one of thereceiving purse and the sending purse has superior computing powercompared to that microprocessor of the other of the receiving purse andthe sending purse, wherein the purse of the second microprocessorincludes an encryption key for a symmetrical cryptographic system andthe first and second microprocessors are programmed to effect thetransaction by sending to the purse of the first microprocessor theencryption key of the purse of the second microprocessor and encryptingdata at the purse of the second microprocessor using the encryption key.18. A value transfer system as claimed in claim 15, wherein each pursehas stored therein a unique key pair including a public key and a secretkey in the cryptographic system and the microprocessors are programmedto effect transmission of transaction data as encrypted and decrypteddata using the key pairs.
 19. A value transfer system as claimed inclaim 18, in which in a transaction a first microprocessor of one of thereceiving purse and the sending purse has superior computing powercompared to that of a second microprocessor of the other of thereceiving purse and the sending purse, and the first and secondmicroprocessors are programmed to effect the transaction by sending tothe purse of the first microprocessor the secret key of the key pair ofthe purse of the second microprocessor and encrypting data at the purseof the second microprocessor using the public key of the key pair of thepurse of the second microprocessor.
 20. A value transfer system asclaimed in claim 1, wherein the microprocessors are programmed to employan asymmetrical cryptographic system having different public and secretkeys and each purse has stored therein at least a public key of thesystem.
 21. A value transfer system as claimed in claim 20, wherein eachpurse stores data signed in the cryptographic system by the computerwith a global secret encryption key, the signed data thereby beingelectronically certified, and the microprocessors are programmed toeffect each transaction by checking certified purse data using theglobal public key.
 22. A value transfer system as claimed in claim 20,wherein each purse has stored therein a unique pair including a publickey and a secret key in the cryptographic system and the microprocessorsare programmed to effect transmission of transaction data as encryptedand decrypted data using the key pairs.
 23. A value transfer system asclaimed in claim 22, in which in a transaction a first microprocessor ofone of the receiving purse and the sending purse has superior computingpower compared to that of a second microprocessor of the other of thereceiving purse and the sending purse, and the first and secondmicroprocessors are programmed to effect the transaction by sending tothe purse of the first microprocessor the secret key of the key pair ofthe purse of the second microprocessor and encrypting data at the purseof the second microprocessor using the public key of the key pair of thepurse of the second microprocessor.
 24. A value transfer system asclaimed in claim 20, wherein in a transaction a first microprocessor ofone of the receiving purse and the sending purse has superior computingpower compared to that a second microprocessor of the other of thereceiving purse and the sending purse, wherein the purse of the secondmicroprocessor includes an encryption key for a symmetricalcryptographic system and the first and second microprocessors areprogrammed to effect the transaction by sending to the purse of thefirst microprocessor the encryption key of the purse of the secondmicroprocessor and encrypting data at the purse of the secondmicroprocessor using the encryption key.
 25. A value transfer system asclaimed in claim 20, wherein each purse has stored therein a unique pairincluding a public key and a secret key in the cryptographic system andthe microprocessors are programmed to effect transmission of transactiondata as encrypted and decrypted data using the key pairs.
 26. A valuetransfer system as claimed in claim 25, in which in a transaction afirst microprocessor of one of the receiving purse and the sending pursehas superior computing power compared to that of a second microprocessorof the other of the receiving purse and the sending purse, and the firstand second microprocessors are programmed to effect the transaction bysending to the purse of the first microprocessor the secret key of thekey pair of the purse of the second microprocessor and encrypting dataat the purse of the second microprocessor using the public key of thekey pair of the purse of the second microprocessor.